nss.uid.ignore

This configuration parameter specifies a set of one or more user identifiers that the Delinea NSS module will ignore for lookup in Active Directory.

In most cases, this configuration parameter’s value is generated automatically by group policy.

If you select the Specify user names to ignore group policy and click Enabled, you can type the list of local user names not stored in Active Directory. The list you specify for the group policy is then stored in the /etc/centrifydc/user.ignore file and used to automatically generate the /etc/centrifydc/uid.ignore file. These files are then used to disable looking up account information in Active Directory for the users specified, which results in faster name lookup service for system user accounts such as tty and disk.

You can, however, define this parameter manually in the configuration file if you are not using group policy or want to temporarily override group policy.

If you manually set this parameter, the parameter value should be one or more user identifiers, separated by a space, or the file: keyword and a file location. For example:

nss.uid.ignore: 0 20 5861
nss.uid.ignore=file:/etc/centrifydc/uid.ignore

A default set of system user accounts to ignore is defined in the sample /etc/centrifydc/user.ignore file and in the /etc/centrifydc/uid.ignore file. If you edit either file, be sure to run the adreload command after modifying the file to have the changes take effect.